Cloud AV 2012


5th January 2012

Cloud AV 2012 Rogue Antivirus Warning

Worms, Trojans, rootkits, viruses… there are so many threats to our computer security today that it is hard to keep track of them all. A reliable and effective security program is a must so we do not have to keep track of them all. We depend on these programs to keep our machines, our data, and our privacy intact while we browse. Rogue antivirus programs like Cloud AV 2012 try to convince computer users that their software is the best, that they are the only ones able to remove threats and protect their system. Knowing how to tell rogue from real can help you keep your computer, and money, safe.

Introduction to Cloud AV 2012

While the sheer number of rogue antivirus programs can seem overwhelming, the positive news is that they tend to behave in identical ways.  Once you can spot one, you can spot, and avoid, all of them.  Cloud AV 2012 is typical of rogues in that it uses popups and false security scan warnings in order to persuade computer users that their machines are under attack.  This elaborate display is designed to prompt them to purchase the “full” version of the software.  Unfortunately, rogues do not live up to their promises and no protection will be provided.

This rogue program is related to OpenCloud Security, Cloud Protection, and AV Protection 2011 and is a member of the WinAVPro family.

Accessing Your Computer

The “free” version of Cloud AV 2012 is stealthily downloaded by Trojans. Visiting compromised sites, clicking on ads, downloading videos and other freeware, or sharing files can allow Trojans to access your computer. While adult sites have traditionally been targeted by Trojans, today it is common for them to lurk in sites that contain gaming, P2P, freeware, and trending or current events content.

The “paid” version differs from the free version in name only.  Neither is able to scan computers or remove threats.  Why would a user choose to install such a program?  The free version of the rogue floods the user with dire warnings; wanting to protect their machines, data, and privacy, they choose to buy the software.  The full version has no more power to scan or eliminate threats than the free one does.

Signs of Cloud AV 2012

Because rogue antivirus programs can be downloaded without the user's knowledge, it is important to be able to determine if one has accessed your system. At first, this is impossible as the rogue quietly changes your security settings, allowing itself to run undetected. When it becomes active, you will notice several changes, including:

Popups. You will begin seeing small windows or balloon-style messages popping up even when you are offline.  The text varies slightly, but here are typical examples:

Serious security vulnerabilities were detected on this computer. Your privacy and personal data may be unsafe.  Do you want to protect your PC?

Windows Security Alert

To help protect your computer, Windows Firewall has blocked some features of this program. Do you want to keep blocking this program?

Name: Zeus Trojan

Publisher: Unauthorized.

Security Warning

There are critical system files on your computer that were modified by malicious software.

It may cause permanent data loss.
Click here to remove malicious software.

It is not uncommon for these warnings to mention Windows or other legitimate programs in an effort to appear genuine. 

False scans.  Cloud AV 2012 cannot scan your computer. It can, however, produce popups that mimic scan results in order to persuade you that there are security threats present in your system.  Those issued by this particular rogue feature a black and red color scheme and a shield logo.  You will also see the name clearly printed at the top.  The developers are hoping you will be too distracted by the laundry list of infections to notice that the warning does not come from your legitimate security program. 

You are told that you are “At Risk” and should activate protection now.  You are also given the option to “Remove” all threats.  Clicking on any part of the ad will lead you to a rogue website on which you are urged to enter your credit card information.

Redirects or inability to navigate and search.  One of the biggest problems with rogue antivirus programs is that they can prevent you from getting legitimate security help.  If you try to run a search for a reputable program, for instance, you may be redirected to a rogue website and urged to purchase Cloud AV 2012.  You may also get a message like the following:

Warning!

The file “firefox.exe” is infected. Running of application is impossible. Please activate your antivirus software.

In addition, you may notice that your system is running slowly and that there are unfamiliar icons on your desktop or system tray.

Removing Cloud AV 2012

If rogue antivirus programs are easy to spot, they make up for it by being very difficult to remove.  They change your security settings and bury themselves in your system registry.  This makes basic removal attempts, like using the Uninstall function, ineffective, and because they are not classified as viruses, running your security program is unlikely to eliminate the rogue.  Users do have two options available: automatic and manual removal.  Which is best for you?

Automatic removal, using a reputable program like Enigma's SpyHunter or Malwarebytes Anti-Malware (Malwarebytes has free malware removal), is recommended for all computer users. It is possible to completely remove a rogue without causing any damage to the system registry or your machine’s performance. Manual removal is more difficult and, therefore, it is recommended that only those with technical experience undertake the task. It is possible to accidentally delete necessary files or registry keys; it is equally likely that you could fail to remove each and every file, and the rogue would re-launch itself after the computer has been rebooted.

If you have the time and expertise, try the following directions. Always make a backup of your registry before starting, and feel free to contact us at any point if you need help.

Stop Processes:

[random].exe (random set of letters and digits).

C:\Windows\System32\Cloud AV 2012v121.exe (the name might be slightly different).

Trojans, downloaded with the same downloader:

%AppData%\dwme.exe

%AppData%\[random]\[random]

C:\Program Files\[random]\[random]

Delete Registry Entries:

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:59232"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random characters]"

HKEY_CURRENT_USER\Software\System Security 2011

Delete Files:

[random].exe (random set of letters and digits).

C:\Windows\System32\Cloud AV 2012v121.exe (the name might be slightly different).

Trojans, downloaded with the same downloader:

%AppData%\dwme.exe

%AppData%\[random]\[random]

C:\Program Files\[random]\[random]
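
Before deleting anything, it helps to see which of the listed items are actually present. The PowerShell script below is an added example, not part of the original article: it only reads and reports, and its flagging of Run values that launch from %AppData% is a heuristic assumed here to cover the [random] names, so those hits need manual review.

```powershell
# Added example (not from the article): read-only check for the indicators
# listed above. Nothing is stopped, deleted or changed.
$findings = @()

# Processes: the named rogue executable and the companion Trojan dwme.exe.
foreach ($p in Get-Process -ErrorAction SilentlyContinue) {
    if ($p.Name -like 'Cloud AV 2012*' -or $p.Name -eq 'dwme') {
        $findings += "Process: $($p.Name) (PID $($p.Id)) $($p.Path)"
    }
}

# Registry: ProxyServer value redirected to a loopback listener.
$inet  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$proxy = (Get-ItemProperty -Path $inet -ErrorAction SilentlyContinue).ProxyServer
if ($proxy -like '*127.0.0.1*') {
    $findings += "Registry: ProxyServer = $proxy"
}

# Registry: Run values. The value name is random, so match on the target.
# Flagging anything launched from %AppData% is an assumption of this example;
# legitimate software also starts from there, so treat those hits as "review".
$runKey = Get-Item -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -ErrorAction SilentlyContinue
if ($runKey) {
    foreach ($name in $runKey.GetValueNames()) {
        $value = [string]$runKey.GetValue($name)
        if ($value -match 'Cloud AV 2012|\\dwme\.exe' -or $value -like "*$env:APPDATA*") {
            $findings += "Registry: Run '$name' -> $value"
        }
    }
}

# Registry key listed in the article.
if (Test-Path -LiteralPath 'HKCU:\Software\System Security 2011') {
    $findings += 'Registry: HKCU\Software\System Security 2011 exists'
}

# Files: fixed names from the article ([random] names cannot be matched).
$dwme = Join-Path $env:APPDATA 'dwme.exe'
if (Test-Path -LiteralPath $dwme) { $findings += "File: $dwme" }
$sys32 = Join-Path $env:SystemRoot 'System32'
foreach ($f in Get-ChildItem -Path $sys32 -Filter 'Cloud AV 2012*.exe' -ErrorAction SilentlyContinue) {
    $findings += "File: $($f.FullName)"
}

if ($findings.Count -eq 0) { 'No listed indicators found.' } else { $findings }
```

Run it as the affected user, since the HKCU and %AppData% checks are per-user.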



We are affiliated with some of the legitimate programs recommended on this website. Should you choose to use the programs recommended here, we may receive a fee that will help support the site.

All content copyright 2006-2017, RemoveAdware.com.au. Author: Wayne Davis.